From: Germany (ccie.gergonza@gmail.com)
Date: Sat Feb 02 2008 - 00:28:03 ARST
That would not be right...
First statement is permitting ranges of 8: i.e. 0-7, 16-23, 32-39, etc...
Second statement is denying only the 110.20.0.0/24 subnet (which was allowed
in the former statement)
Third statement is allowing subnets .1,.2,.3,.4,.5,.6,.7...
If you're trying to do this with the least possible statements (without
denying additional subnets) I think you're looking for something like this:
Deny 110.20.0.0 0.0.6.255 (this gets 0,2,4,6)
Deny 110.20.8.0 0.0.0.255
Permit any
About the first statement
110.20.0.0 0.0.6.255
6= 00000110
Matches: 00000000 = 0
00000010 = 2
00000100 = 4
00000110 = 6
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
abdul muhammed
Sent: Thursday, January 31, 2008 12:19 PM
To: Cisco certification
Subject: need help on ACL
hi
will it be ok to write and access-list that deny even subnet less than 9 i.e
(110.20.0.0, 110.20.2.0, .... 110.20.8.0) as below.
ip access-list standard acl1
permit 110.20.0.0 0.0.8.255
deny 110.20.0.0 0.0.0.255
permit any any
-- Abdul Muhammed Murtala AMerican University of Nigeria Lamido Zubairu way, Yola Adamawa +2348052001153, +2348056201237Network Manager MCSE,MCDBA,MCSA,OCPDBA,CCNA,CCIE Written.
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:47 ARST